159 lines
5.2 KiB
Python
159 lines
5.2 KiB
Python
from decimal import Decimal
|
|
|
|
from fastapi import APIRouter, HTTPException, Request
|
|
from sqlalchemy import select
|
|
from starlette import status
|
|
from starlette.responses import RedirectResponse
|
|
|
|
from allmende_payment_system.api.dependencies import SessionDep, UserDep
|
|
from allmende_payment_system.models import Permission, User, UserGroup
|
|
from allmende_payment_system.tools import get_jinja_renderer
|
|
|
|
admin_router = APIRouter(prefix="/admin")
|
|
|
|
# USERS
|
|
|
|
|
|
@admin_router.get("/users")
|
|
async def user_list(request: Request, session: SessionDep, user: UserDep):
|
|
if not user.has_permission("user", "edit"):
|
|
raise HTTPException(status_code=403, detail="Insufficient permissions")
|
|
|
|
users = session.scalars(select(User)).all()
|
|
groups = session.scalars(select(UserGroup)).all()
|
|
templates = get_jinja_renderer()
|
|
return templates.TemplateResponse(
|
|
"users.html.jinja",
|
|
context={"request": request, "users": users, "all_groups": groups},
|
|
)
|
|
|
|
|
|
@admin_router.post("/users/{user_id}/add_group")
|
|
async def user_add_group(
|
|
request: Request, session: SessionDep, loggend_in_user: UserDep, user_id: int
|
|
):
|
|
if not loggend_in_user.has_permission("user", "edit"):
|
|
raise HTTPException(status_code=403, detail="Insufficient permissions")
|
|
|
|
data = await request.form()
|
|
|
|
group = session.execute(
|
|
select(UserGroup).where(UserGroup.id == data["group_id"])
|
|
).scalar_one()
|
|
user = session.execute(select(User).where(User.id == user_id)).scalar_one()
|
|
user.user_groups.append(group)
|
|
|
|
return RedirectResponse(url="/admin/users", status_code=status.HTTP_303_SEE_OTHER)
|
|
|
|
|
|
@admin_router.get("/users/{user_id}/remove_group/{group_id}")
|
|
async def user_remove_group(
|
|
request: Request,
|
|
session: SessionDep,
|
|
loggend_in_user: UserDep,
|
|
user_id: int,
|
|
group_id: int,
|
|
):
|
|
if not loggend_in_user.has_permission("user", "edit"):
|
|
raise HTTPException(status_code=403, detail="Insufficient permissions")
|
|
|
|
group = session.execute(
|
|
select(UserGroup).where(UserGroup.id == group_id)
|
|
).scalar_one()
|
|
user = session.execute(select(User).where(User.id == user_id)).scalar_one()
|
|
print(user)
|
|
user.user_groups.remove(group)
|
|
return RedirectResponse(url="/admin/users", status_code=status.HTTP_303_SEE_OTHER)
|
|
|
|
|
|
# GROUPS
|
|
|
|
|
|
@admin_router.get("/groups")
|
|
async def group_list(request: Request, session: SessionDep, user: UserDep):
|
|
if not user.has_permission("user", "edit"):
|
|
raise HTTPException(status_code=403, detail="Insufficient permissions")
|
|
|
|
groups = session.scalars(select(UserGroup)).all()
|
|
templates = get_jinja_renderer()
|
|
return templates.TemplateResponse(
|
|
"groups.html.jinja",
|
|
context={"request": request, "groups": groups},
|
|
)
|
|
|
|
|
|
@admin_router.post("/groups/{group_id}/add_permission")
|
|
async def group_add_permission(
|
|
request: Request, session: SessionDep, user: UserDep, group_id: int
|
|
):
|
|
if not user.has_permission("user", "edit"):
|
|
raise HTTPException(status_code=403, detail="Insufficient permissions")
|
|
|
|
data = await request.form()
|
|
scope_action = data["permission"].split(":")
|
|
if len(scope_action) != 2:
|
|
raise HTTPException(
|
|
status_code=400, detail="Permission must be in the format 'scope:action'"
|
|
)
|
|
|
|
permission = Permission(scope=scope_action[0], action=scope_action[1])
|
|
group = session.execute(
|
|
select(UserGroup).where(UserGroup.id == group_id)
|
|
).scalar_one()
|
|
|
|
session.add(permission)
|
|
group.permissions.append(permission)
|
|
|
|
return RedirectResponse(url="/admin/groups", status_code=status.HTTP_303_SEE_OTHER)
|
|
|
|
|
|
@admin_router.get("/groups/{group_id}/remove_permission/{permission_id}")
|
|
async def group_remove_permission(
|
|
request: Request,
|
|
session: SessionDep,
|
|
user: UserDep,
|
|
group_id: int,
|
|
permission_id: int,
|
|
):
|
|
if not user.has_permission("user", "edit"):
|
|
raise HTTPException(status_code=403, detail="Insufficient permissions")
|
|
|
|
permission = session.execute(
|
|
select(Permission).where(Permission.id == permission_id)
|
|
).scalar_one()
|
|
group = session.execute(
|
|
select(UserGroup).where(UserGroup.id == group_id)
|
|
).scalar_one()
|
|
group.permissions.remove(permission)
|
|
session.delete(permission)
|
|
return RedirectResponse(url="/admin/groups", status_code=status.HTTP_303_SEE_OTHER)
|
|
|
|
|
|
@admin_router.post("/groups/create")
|
|
async def create_group(request: Request, session: SessionDep, user: UserDep):
|
|
if not user.has_permission("user", "edit"):
|
|
raise HTTPException(status_code=403, detail="Insufficient permissions")
|
|
|
|
data = await request.form()
|
|
group = UserGroup(name=data["name"], description=data["description"])
|
|
session.add(group)
|
|
|
|
return RedirectResponse(url="/admin/groups", status_code=status.HTTP_303_SEE_OTHER)
|
|
|
|
|
|
@admin_router.get("/groups/{group_id}/delete")
|
|
async def delete_group(
|
|
request: Request,
|
|
session: SessionDep,
|
|
user: UserDep,
|
|
group_id: int,
|
|
):
|
|
if not user.has_permission("user", "edit"):
|
|
raise HTTPException(status_code=403, detail="Insufficient permissions")
|
|
|
|
group = session.execute(
|
|
select(UserGroup).where(UserGroup.id == group_id)
|
|
).scalar_one()
|
|
session.delete(group)
|
|
return RedirectResponse(url="/admin/groups", status_code=status.HTTP_303_SEE_OTHER)
|